API & the public website

The public hospital website and the BridgeERP REST API are two sides of one system: a marketing-and-services website that patients see, fed entirely by JSON endpoints that read from the clinical back office. Editors curate doctors, departments, services, conditions, news and patient stories inside BridgeERP HMS; the website renders them live; and online bookings and portal actions flow straight back into the clinical records. This page explains how content is authored, the REST endpoints that serve it, the booking flow and the patient portal.

Where to find it

Website content is authored under HMS Core → Configuration → Website Content, and the supporting bridges sit under HMS Core → Integration → HMS Integrations:

MenuWhat it controls
Website Content → DoctorsPublic doctor profiles (hms.website.doctor.profile), each linked to a clinical staff record.
Website Content → Departments / ServicesDepartment and service pages (hms.website.department, hms.website.service).
Website Content → Conditions A-ZThe health-library conditions index (hms.website.condition).
Website Content → News & Health TipsArticles with tags and comments (hms.website.news).
Website Content → Patient Stories / TestimonialsSocial-proof content (hms.website.story, hms.website.testimonial).
Website Content → Health Packages / Insurance Partners / Locations / Careers / FAQs / Homepage PillarsThe remaining homepage and informational blocks.
Configuration → Stakeholder PortalPartner access and the audit log (hms.website.partner.access, hms.website.audit.log).

Every content record carries a website_published flag and a slug; only published records are served, and the slug is the URL key.

How data flows: back office to website

The website itself is a separate front-end that never touches the database directly. Instead it calls the REST API, a set of public JSON routes rooted at /storefront/api. Each route reads published content (or, for portal routes, a token-authenticated patient’s own data) and returns JSON. The flow is: editor publishes a record → the website requests the matching endpoint → the API serializes the published record → the page renders. Writes go the other way: a booking or a comment posts to the API, which creates a real clinical or content record.

Content endpoints (GET)

RouteReturns
/storefront/api/siteHospital identity: name, tagline, layout, emergency / appointment / WhatsApp numbers, social links, accreditation, ED wait times, mission and vision.
/storefront/api/home, /storefront/api/pillarsHomepage composition and the homepage pillars.
/storefront/api/doctors, /storefront/api/doctor/{slug}Published doctor list and a single profile.
/storefront/api/departments, /storefront/api/department/{slug}Departments and a single department (a /full/{slug} variant returns the deep payload).
/storefront/api/services, /storefront/api/service/{slug}Services and a single service.
/storefront/api/conditions, /storefront/api/conditions/lettersThe A-Z health library, filterable by letter or query.
/storefront/api/news, /storefront/api/news/{slug}, /storefront/api/news/tagsArticles, a single article and the tag list.
/storefront/api/stories, /storefront/api/testimonialsPatient stories and testimonials.
/storefront/api/packages, /storefront/api/insurers, /storefront/api/locations, /storefront/api/careers, /storefront/api/faqsHealth packages, insurance partners, locations, job openings and FAQs.
/storefront/api/searchSite-wide search across the published content.
/storefront/api/sitemapA sitemap of public URLs for SEO.
/storefront/api/availabilityBookable slots for the booking form.

Action endpoints (POST)

RouteDoes
/storefront/api/bookCreates a new patient and visit via the Reception model method.
/storefront/api/appointment/bookBooks an appointment, creating the patient if new and resolving doctor / department from the slug.
/storefront/api/contact, /storefront/api/newsletterCaptures a contact enquiry and a newsletter sign-up.
/storefront/api/news/commentSubmits a reader comment for moderation.
/storefront/api/career/applySubmits a job application.

Step-by-step: how an online booking lands

  1. The visitor picks a doctor or department, a date and a time, and submits the booking form.
  2. The site POSTs to /storefront/api/appointment/book with name, phone, optional email, gender, the doctor / department slug, date, time and channel (in-person or telehealth).
  3. The API looks up the patient by phone; if none exists it creates one.
  4. It resolves the doctor profile slug to the clinical staff member and the department slug to the clinical department, then creates an hms.appointment stamped with the facility, the local time converted to UTC, and the online_booking flag.
  5. The appointment opens in a pending state, ready for reception to confirm. A honeypot field silently absorbs bot submissions.
Note — Times sent by the website are treated as local (UTC+3) and converted to UTC for storage, so the slot shown to the patient and the one staff see in the clinical calendar match.

The patient portal

Returning patients sign in to a self-service portal whose routes sit under /storefront/api/portal. Login takes a phone number plus date of birth, matches an existing patient record, and issues a token; subsequent calls send that token. Portal routes include:

RouteReturns
/storefront/api/portal/loginAuthenticates by phone + date of birth, returns a token and the patient payload.
/storefront/api/portal/dashboardNext appointment, upcoming and recent visits, bills, results and outstanding balance.
/storefront/api/portal/appointments, /storefront/api/portal/appointment/{id}The patient’s appointments and one in detail; a cancel route lets them stand down a booking.
/storefront/api/portal/bills, /storefront/api/portal/results, /storefront/api/portal/prescriptionsBills, lab results and prescriptions for the signed-in patient only.
/storefront/api/portal/profileLets the patient update their own contact details.
Warning — Portal routes return clinical data, so every one re-checks the token and only ever returns records owned by that patient. Never widen a portal route to accept a patient id from the request body in place of the token.

Booking payload reference

FieldMeaningRequired
namePatient full name.Yes
phoneContact number, used to match or create the patient.Yes
date / timeRequested slot (local time).Yes
email / genderOptional contact and demographic detail.No
doctor / departmentSlug of the chosen doctor or department.No
channelin_person or telehealth (maps to outpatient / telemedicine).No (defaults in_person)

Roles & publishing

Website editors curate content from the back office; the public API routes themselves require no login because they only serve published records and token-scoped portal data. Partner access to the stakeholder portal is governed by Configuration → Stakeholder Portal → Partner Access, with all access written to the Audit Log.

Tips & troubleshooting

SymptomLikely cause & fix
A doctor / article is missing from the siteIts record is not published; set website_published on the content record.
A page 404s by slugThe slug changed or is blank; set a unique slug on the record.
Booking returns an errorName, phone, date and time are all required, and a facility must exist; check the facility configuration.
Portal login fails for a real patientThe phone or date of birth does not match the record; correct the patient’s contact details in the back office.
Was this page helpful?